-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Malthe Borch wrote:
> 2009/5/12 Tres Seaver <tsea...@palladion.com>:
>> The server side wouldn't know that: the presence of such a field in the
>> request is completely independent of any form (e.g., cookies passed long
>> after logging in).
>
> I understand the issue, but shouldn't the remedy be to avoid ever
> displaying request data in a public view?